diff options
Diffstat (limited to 'net-dns/unbound')
| -rw-r--r-- | net-dns/unbound/Manifest | 5 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.10.1-r1.ebuild | 2 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.11.0.ebuild (renamed from net-dns/unbound/unbound-1.10.1.ebuild) | 71 |
3 files changed, 48 insertions, 30 deletions
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest index 64243029e652..36dd0dcfa02b 100644 --- a/net-dns/unbound/Manifest +++ b/net-dns/unbound/Manifest @@ -8,6 +8,7 @@ AUX unbound.service 247 BLAKE2B d986319f9b43600d4f6443f50e214efd39fd20be6a7067b5 AUX unbound.socket 101 BLAKE2B 4885d311873d7f3e5daf1c0a63798b13761b7c0bfb1bead0bde11bc2a2a994d55670c992b42ea1b4bbee98d04a12f4e7e7517bd0e9caa74d8cac2d1dc0c33274 SHA512 935ab3bd5bc3d3347e44c20482aa19396d243b89f2dbc7bf9f89b16a2559715866e16dfd9f5c4866222d8ee968f158a773475d94629f0ef9fa9b8fd23f0fbc2e AUX unbound_at.service 304 BLAKE2B 0762200390475ff6a3ca4dc282b3eca3e55cb339528a73b0c6148f4df336c4c07e8da19320df6bedb49cb6884da565543f78456d38dc3000ca2a1abde84816be SHA512 71bd8c422ffe57e448b66f97775075a407671757266d40294a670b41cd1a59f16b65488d30aa74b79b7536f0c4c50adb56e32377e8029fd6c327b85c022c5fe3 DIST unbound-1.10.1.tar.gz 5729334 BLAKE2B 7ca4f23c12a551bc6e5d6ec32f19ca0f54526b9a4c868ced8f31cfd31dec23f8240b78f0c00d2cc6f9aa21f6c1b98697c85ef3ebd804a838a5a082893fe98094 SHA512 d07f3ac0e751c17a3ff7d99518c22529cf6856861218564a2ca073422905525cb9ddaf76c9600187946fadb7324343bcd85c34ff06bd322e0ea621a2d258bb85 -EBUILD unbound-1.10.1-r1.ebuild 5429 BLAKE2B 4f16093ae3a34a97fd475da9d5094987ae289b203a71a6ca881b7371fe2f3550bc4d126e8b29d93564affd62df6428b1d27737ff71fce4c85122156238cd59f1 SHA512 8fe49aba1ec04421a6f29a4ae72ee3175447ab087503d2b6f3fc3690f5573e9663a376d5166e1252b902e9a0177a3a148b9abab8f874825579e30d77a4b3295b -EBUILD unbound-1.10.1.ebuild 5390 BLAKE2B ce7620d0f76f8ec2b304cb73e7f875938957f285bdf73741e7c43f3d720853500d0ff857d2ec101bacbd3d8a61e270c42d9aebb4365718b1cc434519b387d48b SHA512 2e9305db63c2889389362ea48938d0cdd66aeb3fc15636004b43ba2a9ab0a2c8ccf934125fc253c89927e24bbe68ce2e21ee2c736835d4fe8eedb560e996d3b3 +DIST unbound-1.11.0.tar.gz 5900967 BLAKE2B 3119bbcd78fa19c610937215abc64abcc1ca96ba42b6753a1e36fef501f68971ac2ee0cb9bde377e0b257c57f505aeac2315a6bf031626874d30967b0a5eb46a SHA512 511e787c5f9647286b07028702a8909390e0e6eafe7224459d5f1eee8a8dfb09c71e33f291e30851dc57411123b91dfe0e124787109a7e4afdf6f3b02768e7cd +EBUILD unbound-1.10.1-r1.ebuild 5424 BLAKE2B 85fe1509a5c82edf8985ce6cfa80325db99959566a7f63b9407d3c19311d420e98cfb29674538325740b485b48351a2e7621f6afdeb13c4f3152bff8c880b996 SHA512 8d65dadb63f9a70ee72e7cbadfc45a5921d4ec886540d01cab588696b0bbf7b30d502bcef1c0ae38d0e554979ca9cbe90bb7444ed00e87defb687640f9ea0546 +EBUILD unbound-1.11.0.ebuild 6008 BLAKE2B dd27e2b8d4d1c320af8e268ae5f0d9f95d26782137bfb11deebe44533904da8716d894bfacdcd3bbd187c0d1d52d9e6a57a330f75ced2cb3d1b802f705bc352e SHA512 df2940e7037f61717bc8c53a6ce386d189b4bffbb4a8881074798718087ab78e10e5c840070f629432f2ca328727b585ba2695703f9572ba5913fe8ad461d415 MISC metadata.xml 1357 BLAKE2B 3fccac00ddfac90bb692169a01f19402fd5534f05a88a8981e6e276f535800f50e4ee138f2b815db176e426422e54a2d107219f214cfaeda979ce1b03710f71a SHA512 13ffc57b5a7ddd1a2ab76a4f29d7a5dc2926ed07ae74f74444ecda949aae2a611a1e194d9b482fe145a00021f603b22c7b8a44f1b7901600da261b0bc1f51525 diff --git a/net-dns/unbound/unbound-1.10.1-r1.ebuild b/net-dns/unbound/unbound-1.10.1-r1.ebuild index 30c4c5084639..f4046ee80426 100644 --- a/net-dns/unbound/unbound-1.10.1-r1.ebuild +++ b/net-dns/unbound/unbound-1.10.1-r1.ebuild @@ -13,7 +13,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" LICENSE="BSD GPL-2" SLOT="0/8" # ABI version of libunbound.so -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" +KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 x86" IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" RESTRICT="!test? ( test )" diff --git a/net-dns/unbound/unbound-1.10.1.ebuild b/net-dns/unbound/unbound-1.11.0.ebuild index 704a3c262452..30cafd751b15 100644 --- a/net-dns/unbound/unbound-1.10.1.ebuild +++ b/net-dns/unbound/unbound-1.11.0.ebuild @@ -2,9 +2,9 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="7" -PYTHON_COMPAT=( python3_{6,7} ) +PYTHON_COMPAT=( python3_{6,7,8,9} ) -inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user +inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd MY_P=${PN}-${PV/_/} DESCRIPTION="A validating, recursive and caching DNS resolver" @@ -13,7 +13,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" LICENSE="BSD GPL-2" SLOT="0/8" # ABI version of libunbound.so -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 x86" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" RESTRICT="!test? ( test )" @@ -23,7 +23,9 @@ RESTRICT="!test? ( test )" # the executables. MULTILIB_USEDEP may be dropped once build system # is fixed. -CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] +CDEPEND="acct-group/unbound + acct-user/unbound + >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) @@ -60,19 +62,12 @@ RDEPEND="${RDEPEND} PATCHES=( "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch + "${FILESDIR}"/${PN}-1.10.1-find-ar.patch ) S=${WORKDIR}/${MY_P} pkg_setup() { - enewgroup unbound - enewuser unbound -1 -1 /etc/unbound unbound - # improve security on existing installs (bug #641042) - # as well as new installs where unbound homedir has just been created - if [[ -d "${ROOT}/etc/unbound" ]]; then - chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" - fi - use python && python-single-r1_pkg_setup } @@ -148,16 +143,18 @@ multilib_src_install_all() { # create space for auto-trust-anchor-file... keepdir /etc/unbound/var + fowners root:unbound /etc/unbound/var + fperms 0770 /etc/unbound/var # ... and point example config to it sed -i \ -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ - "${ED}/etc/unbound/unbound.conf" || \ - die + "${ED}/etc/unbound/unbound.conf" \ + || die # Used to store cache data keepdir /var/lib/${PN} fowners root:unbound /var/lib/${PN} - fperms 0750 /var/lib/${PN} + fperms 0770 /var/lib/${PN} find "${ED}" -name '*.la' -delete || die if ! use static-libs ; then @@ -166,18 +163,38 @@ multilib_src_install_all() { } pkg_postinst() { - # make var/ writable by unbound - if [[ -d "${EROOT}/etc/unbound/var" ]]; then - chown --no-dereference --from=root unbound: "${EROOT}/etc/unbound/var" + if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]] ; then + einfo "Trying to create unbound control key ..." + if ! unbound-control-setup &>/dev/null ; then + ewarn "Failed to create unbound control key!" + fi fi - einfo "" - einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" - einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" - einfo "and run" - einfo "" - einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" - einfo "" - einfo "as root to create it initially before starting unbound for the first time after enabling this." - einfo "" + if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]] ; then + einfo "" + einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" + einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" + einfo "and run" + einfo "" + einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" + einfo "" + einfo "as root to create it initially before starting unbound for the first time after enabling this." + einfo "" + fi + + # Our user is not available on prefix + use prefix && return + + local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX) + su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null + if [ $? -ne 0 ] ; then + ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!" + ewarn "Run the following commands to restore default permission:" + ewarn "" + ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var" + ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var" + else + # Cleanup -- no reason to die here! + rm -f "${_perm_check_testfile}" + fi } |